Hello, Is it proper way to migrate collected data (metadb, packetdb,
sessiondb) to new appliance? For example we have appliances series 4 (SA
Server, LogHybrid) 10.6.x (or 11) version and want to migrate our data
to new appliances series 6 (SA Server...
Hello, We have alert "Critical Filesystem Usage on Rabbitmq Message
Broker" into Health & Wellness tab. Since RabbitMQ directory was moved
from /var/lib/rabbitmq to /var/netwitness/rabbitmq on 11 version how we
can manage our disk space (/var/netwitn...
Hello, Can I use List from Reporting module into ESA Rules?For example I
have few ESA Rules where I filter many source IP addresses. I want to
create one List and use it List into all my ESA Rules. Can I do it? How?
Hello, Somebody has positive experience of collecting files through SFTP
Agent from remote server? I have Windows cluster and I want to collect
files from another server through windows share. I create share on
Windows claster and use config like:
fi...
My current and potential customers want to have behavioral analysis.
Unfortunately this mechanism is absent out of the box. Maybe somebody
has EPL rules and can share it? I have few suggestion about behavioral
analysis rule: 1. If user (IP) has X con...
Hello Renato, No, deleting the erl_crash.dump has no influence to
result. The problem looks more complicated how I think. If you will try
to install (fresh install 11.x version) LogHybrid or PacketHybrid you
will see that Decoder and Concentrator use...
Dave, The directory is correct. I use Netwitness 11 and it is work for
other SFTP Agents. The problem on the SFTP Agent side (before transfer
the file to Netwitness). The file reading not correct due to encoding of
the file (not ANSI).
Hello David, Can I create my custom CEF parser? I have my own event
source send logs by CEF. I wish add some new mapping but I don't want to
unsubscribe from CEF parser in RSA Live.
